package com.framework;

import com.library.entity.Administrator;
import com.library.entity.Power;
import com.library.entity.Staff;
import com.library.power.util.PowerType;
import org.springframework.web.servlet.HandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Iterator;
import java.util.Set;

/**
 * 用户权限拦截器
 * Created by mhy on 2018/1/13.
 */
public class AuthorityInterceptor implements HandlerInterceptor {
    @Override
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object o) throws Exception {
        String requestUrl = request.getServletPath();
        Staff staff = (Staff) request.getSession().getAttribute("staff");
        Administrator admin = (Administrator) request.getSession().getAttribute("admin");
        Set<Power> powerSet;
        Iterator<Power> it;
        Power power;
        boolean flag;

        /*权限验证*/
        if(staff == null && admin == null){  //未登录
            request.setAttribute("error","请先登录");
            request.getRequestDispatcher("/login.jsp").forward(request,response);
            return false;
        }else if(staff != null) {        //判断是否有权限
            if(staff.getRole() == null){
                request.setAttribute("error", "您没有权限访问此页面");
                request.getRequestDispatcher("/staff/staff_noAuthority.jsp").forward(request, response);
                return false;
            }
            powerSet = staff.getRole().getPowers();
            it = powerSet.iterator();
            flag = false;
            if (requestUrl.startsWith("/admin")) {        //管理员模块 员工不可以访问
                request.setAttribute("error", "您没有权限访问此页面");
                request.getRequestDispatcher("/staff/staff_noAuthority.jsp").forward(request, response);
                return false;
            } else if (requestUrl.startsWith("/staff")) {
                if (requestUrl.startsWith("/staff/bookSearch") || requestUrl.startsWith("/staff/hotKeyPage") ||
                        requestUrl.startsWith("/staff/bookInfo")) { //员工访问检索页面
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_BOOK_SEARCH.getType()) {   //检索权限
                            flag = true;
                        }
                    }   //while
                } else if (requestUrl.startsWith("/staff/my") || requestUrl.startsWith("/staff/borrow")) { //员工访问借阅页面
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_BORROW_BOOKS.getType()) {   //借书权限
                            flag = true;
                        }
                    }   //while
                }else if (requestUrl.startsWith("/staff/bookEvalue")) { //员工评论
                    powerSet = staff.getRole().getPowers();
                    it = powerSet.iterator();
                    flag = false;
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_EVALUATE.getType()) {   //借书权限
                            flag = true;
                        }
                    }   //while
                }else{
                    flag = true;
                }
                if (!flag) {
                    request.setAttribute("error", "您没有权限访问此页面");
                    request.getRequestDispatcher("/staff/staff_noAuthority.jsp").forward(request, response);
                    return false;
                }
            }
        } else if(admin != null){
            if(admin.getRole() == null){
                request.setAttribute("error", "您没有权限访问此页面");
                request.getRequestDispatcher("/admin/admin_noAuthority.jsp").forward(request, response);
                return false;
            }

            powerSet = admin.getRole().getPowers();
            it = powerSet.iterator();
            flag = false;

            if (requestUrl.startsWith("/staff")) {        //员工模块 管理员不可以访问
                request.setAttribute("error", "您没有权限访问此页面");
                request.getRequestDispatcher("/admin/admin_noAuthority.jsp").forward(request, response);
                return false;
            } else if (requestUrl.startsWith("/admin")) {
                if (requestUrl.contains("staff") || requestUrl.contains("Staff")) { //管理员工页面
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_MANAGE_STAFFS.getType()) {
                            flag = true;
                        }
                    }   //while
                } else if (requestUrl.contains("book") || requestUrl.contains("Book")) { //管理图书页面
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_MANAGE_BOOKS.getType()) {
                            flag = true;
                        }
                    }   //while
                }else if (requestUrl.contains("role") || requestUrl.contains("Role")) { //管理角色
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_MANAGE_ROlES.getType()) {   //借书权限
                            flag = true;
                        }
                    }   //while
                }else if (requestUrl.contains("borrow") || requestUrl.contains("Borrow")) { //管理借阅
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_MANAGE_BORROWS.getType()) {   //管理借阅权限
                            flag = true;
                        }
                    }   //while
                }else if (requestUrl.contains("adminList") || requestUrl.contains("Admin")) { //管理管理员
                    while (it.hasNext()) {
                        power = it.next();
                        if (power.getType() == PowerType.ENABLE_TO_MANAGE_ADMINS.getType()) {   //管理管理员权限
                            flag = true;
                        }
                    }   //while
                }else{
                    flag = true;
                }
                if (!flag) {
                    request.setAttribute("error", "您没有权限访问此页面");
                    request.getRequestDispatcher("/admin/admin_noAuthority.jsp").forward(request, response);
                    return false;
                }
            }
        }
        return true;
    }

    @Override
    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object o, ModelAndView modelAndView) throws Exception {
    }

    @Override
    public void afterCompletion(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Object o, Exception e) throws Exception {

    }
}
